<?
session_start();
session_cache_limiter('private');
session_cache_expire(60*12);


include("../webkit/include/simple_db.php");

$db = new SimpleDB();
$action = $_GET["action"];

if($action == "check") {
	if($_GET['ac'] != $_SESSION['hncc_auth_code']) {
		echo "ac_incorrect";
		return;
	}
	$sql = "select * from hncc_user where username='".$_GET["uid"]."' and userpass='".$_GET["pwd"]."'";
	$rec = $db->getOneRecord($sql);
	if($rec != null ) {
		if($rec['user_status'] == -1) {
			echo "sorry";
		} else {
			$_SESSION["uid"] = $_GET["uid"];
			$_SESSION["truename"] = iconv("utf-8", "gbk", $rec['truename']);
			$_SESSION["user_flag"] = $rec['user_flag'];
			$_SESSION["last_login"] = $rec['last_login'];
			$_SESSION["login_count"] = $rec['login_count'];
			$db->query("update hncc_user set login_count=login_count+1, last_login=now() where username='".$_GET["uid"]."'");
			echo "ok";
		}
	} else {
		echo "sorry";
	}
}
else if($action == "logout") {
	unset($_SESSION["uid"]);
	unset($_SESSION["truename"]);
	unset($_SESSION["user_flag"]);
	header("location:login.php");
} 
?>